Connexin Software Breach
Table of Contents
- Published: Jun 25, 2024
- Last Updated: Jul 09, 2024
Founded in 1982, Connexin Software, a company that operates under the name Office Practicum, offers pediatric-specific health IT solutions. It provides electronic medical records software, practice management software, and business analytic tools to pediatric physician groups. The company offers solutions such as Family medicine electronic health record (EHR), patient engagement, revenue cycle management (RCM), and Specialty EHR. It caters to medical practices in at least 40 states in the United States.
Connexin Software keeps a large database of patients with sensitive health information, so it is not strange they were a mark for a data security breach. The company experienced a data breach in August 2022, which led to the compromise of data involving about 2.2 million patients and 119 pediatric physicians. Following the detection of a data anomaly on its internal network, the company immediately initiated an investigation. It employed the services of third-party forensic experts to dig into and determine the nature and extent of the incident.
On September 13, 2022, investigations revealed that some bad-faith actors had accessed Connexin Software's offline set of patient information used for data conversion and troubleshooting. It was also discovered that some of the datasets accessed were removed by hackers. However, the company claims its live electronic record system was not tampered with in the unauthorized scheme. Connexin Software could not state the actual data accessed in the breach. Nevertheless, it is believed the patient information compromised may have included social security numbers (SSNs), demographic information, medical/treatment information, health insurance data, and billing/claims information.
When Was the Connexin Software Data Breach?
The Connexin Software data breach was detected on August 26, 2022, but the system was said to have been breached on July 17, 2022. After the discovery, the company reset all corporate account passwords and moved all the patient data to a more secure location. Following the company's investigations, it began sending Notice of Data Breach letters to parents of affected children. In response to this incident, Connexin Software offered the impacted children child identity monitoring services through Kroll for a period of 12 months at no cost.
How to Check If Your Data Was Breached
Parents of children whose personal information was impacted in the Connexin Software data security breach were served with a Notice of Data Breach. So, you would have received a notice if your child's data was compromised by the breach. However, if you did not receive the letter and are still in doubt, you can contact the company at (855) 532-0912 to clarify whether your child's information was also impacted. In addition, check your email for all communications from Connexin Software and look up information relating to the breach on their official website (Office Practicum).
What to Do If Your Data Was Breached
Parents whose children's personal data was impacted by the Connexin Software data breach are encouraged to take advantage of the Kroll identity monitoring services offered by the company. With these services, you can rest assured of your child's identity monitoring and identity theft resolution if they become a victim of identity theft. In addition, you get limitless access to consultations with Kroll fraud specialists.
Furthermore, you should carefully review your credit reports and statements to ensure all listed activities are valid. If you notice any unauthorized transactions in your financial accounts, notify the appropriate financial institution or card company immediately. If you suspect identity theft, report it promptly to local law enforcement and other relevant authorities like your state Attorney General and the Federal Trade Commission (FTC).
Are There Any Lawsuits Because of the Data Breach?
Yes. Connexin Software has been faced with multiple class action lawsuits following the 2022 data security breach. Nine of those class actions were consolidated into a single class action suit because they all made similar claims. The consolidated class action is led by Shubs & Johns partner Benjamin Johns, who is a co-lead plaintiff counsel with Bart Cohen of Bailey & Glasser. The plaintiffs claimed that the company failed to protect employee and patient information from the August 2022 cyberattack, which compromised sensitive information belonging to the affected persons. Although Connexin Software did not admit any wrongdoing, it proposed a $4 million settlement in a bid to resolve the data breach class action suit. This proposal has already received preliminary approval from a federal court judge in the Eastern District of Pennsylvania.
Under the settlement terms, class members can receive up to $7,500 in rewards for documented out-of-pocket losses caused by the data breach or a flat fee cash payment. However, cash fee payments will vary based on the number of claims filed, while reimbursement payments will vary depending on the types of loss claims received. Class members can opt to receive three years of free fraud and identity theft monitoring instead of receiving cash payments. While the final settlement approval hearing is scheduled for July 24, 2024, class members are expected to submit valid claim forms by July 25, 2024. Otherwise, they will not receive settlement benefits. There will be no settlement payments or benefits until the court approves the proposed settlement and it becomes final.
Can My Connexin Software Information Be Used for Identity Theft?
Yes. Pediatric patients and employees' information compromised during the August 2022 Connexin Software data breach can be used for identity theft. The compromised information included names, addresses, dates of birth, social security numbers, email addresses, parent/guardian names, and guarantor names. Children's data are especially valuable to cybercriminals, who can prey on their identities for several years. Such data could also be sold to human trafficking cartels.
What Can You Do to Protect Yourself Online?
Following the August 2022 Connexin Software data breach incident, the company said it would invest $1.5 million in its information security program to boost the protection of patient data. However, you have to do more to safeguard your sensitive data than relying on the efforts made by any company that has your information stored in its database, especially considering the increased threats of cyberattacks. The following are some of the measures you can take to protect yourself online:
- Always keep your personal information personal, especially by being cautious about what you put on your social media accounts/profiles. Often, hackers have found a way to figure out passwords and answers to security questions in the password reset tools using information littered on people's social media accounts.
- Stay current on cyber threat-related matters by learning about the latest cybersecurity threats and best security practices to imbibe to avoid falling victim.
- Always choose strong passwords that include a combination of special and alphanumeric characters when required to create one.
- Never provide sensitive personal or financial information over an unsecured internet connection, particularly public Wi-Fi networks. If you use a wireless home network, ensure it is password-protected. Also, make sure a site is secure before entering your sensitive personal information.
- Sign up for a credit monitoring service to help monitor any changes in your credit file.
- Avoid clicking on links or attachments in suspicious emails.